Outline The eXpressive Internet Architecture a proposal Example - PDF document

6/29/2011 XIA: An Architecture for a Trustworthy and Evolvable Internet Peter Steenkiste Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang Carnegie Mellon University Aditya Akella, University of Wisconsin John Byers Boston University John Byers, Boston University NGI Kaiserslautern, June 29, 2011 1 Outline • The eXpressive Internet Architecture – a proposal – Example and concepts E l d t – Research thrusts • Tapa: supporting mobile users – Concepts – Applications – Tapa as an XIA transport Tapa as an XIA transport 2 1

6/29/2011 Network Architecture* 3 * As defined by Google The Internet Architecture host router router router host host router router router email WWW phone... SMTP HTTP RTP... – Minimum functionality a network needs TCP UDP… to implement to connect to the Internet to implement to connect to the Internet IP • Forward packets across multiple networks ethernet PPP… – Effectively the IP narrow waist CSMA async sonet... • Minimalistic definition of architecture copper fiber radio... • All other functions needed are built on top 4 2

6/29/2011 NSF Future Internet Architecture • Program focused on fundamental changes to the Internet architecture – Long ‐ term, multi ‐ phase effort • Four teams were selected in the second phase: – Named Internet Architecture: content centric networking ‐ data is a first class entity – Mobility First: Mobility as the norm rather than the exception – generalizes delay tolerant networking – Nebula: Internet centered around cloud computing data centers that are well connected – eXpressive Internet Architecture: Focus on trustworthiness, evolvability 5 Vision We envision a future Internet that: • Is trustworthy – Security broadly defined is the biggest challenge • Supports long ‐ term evolution of usage models – Including host ‐ host, content retrieval, services, … • Supports long term technology evolution – Not just for link technologies, but also for storage and computing capabilities in the network and end points computing capabilities in the network and end ‐ points • Allows all actors to operate effectively – Despite differences in roles, goals and incentives 6 3

6/29/2011 Today’s Internet Src: Client IP Dest: Server IP TCP Client IP Server IP • Client retrieves document from a specific web server – But client mostly cares about correctness of content timeliness But client mostly cares about correctness of content, timeliness – Specific server, file name, etc. are not of interest • Transfer is between wrong principals – What if the server fails? – Optimizing transfer using local caches is hard • Need to use application ‐ specific overlay or transparent proxy – bad! 7 eXpressive Internet Architecture Src: Client ID Dest: Content ID Dest: Content ID PDA Content • Client expresses communication intent for content explicitly – Network uses content identifier to retrieve content from appropriate Network uses content identifier to retrieve content from appropriate location • How does client know the content is correct? – Intrinsic security! Verify content using self ‐ certifying id: hash(content) = content id • How does source know it is talking to the right client? – Intrinsic security! Self ‐ certifying host identifiers 8 4

6/29/2011 A Bit More Detail … Flexible Trust Dest: Service ID Management Content Name? Dest: Client ID Diverse Content ID Communicating Entities Dest: Content ID Anywhere Intrinsic Security Hash( ) = CID? 9 P1: Evolvable Set of Principals • Identifying the intended communicating entities reduces complexity and overhead entities reduces complexity and overhead – No need to force all communication at a lower level (hosts), as in today’s Internet • Allows the network to evolve Content a581fe9 ... Services d9389fa … Future Host Entities 024e881 … 39c0348 … 10 5

6/29/2011 P2: Security as Intrinsic as Possible • Security properties are a direct result of the design of the system g y – Do not rely on correctness of external configurations, actions, data bases – Malicious actions can be easily identified Content a581fe9 ... Services d9389fa … Host Future 024e881 … Entities 39c0348 … 11 Other XIA Principles • Narrow waist for all principals – Defines the API between the principals and the network Defines the API between the principals and the network protocol mechanisms • Narrow waist for trust management – Ensure that the inputs to the intrinsically secure system match the trust assumptions and intensions of the user – Narrow waist allows leveraging diverse mechanisms for trust management: CAs, reputation, personal, … • All other network functions are explicit services – XIA provides a principal type for services (visible) – Keeps the architecture simple and easy to reason about 12 6

6/29/2011 XIA: eXpressive Internet Architecture • Each communication operation expresses the intent of the operation intent of the operation – Also: explicit trust management, APIs among actors • XIA is a single inter ‐ network in which all principals are connected – Not a collection of architectures implemented Not a collection of architectures implemented through, e.g., virtualization or overlays – Not based on a “preferred” principal (host or content), that has to support all communication 13 What Applications Does XIA Support? • Since XIA supports host ‐ based communication, today’s applications continue to work today s applications continue to work – Will benefit from the intrinsic security properties • New applications can express the right principal – Can also specify other principals (host based) as fallbacks – Content ‐ centric applications – Explicit reliance on network services Explicit reliance on network services – Mobile users – As yet unknown usage models 14 7

6/29/2011 What Do We Mean by Evolvability? • Narrow waist of the Internet has allowed the network to evolve significantly network to evolve significantly • But need to evolve the waist as well! – Can make the waist smarter XIA adds evolvability at the waist: IP: Evolvability of: Applications Applications Applications Evolving set of principals Link technologies Link technologies 15 15 XIA Components and Interactions ‐ Network User ‐ Network Users rthy Network Operation Applications Services Intrinsic Security y Network ‐ Trustwor Host Content Services … Support Support Support eXpressive Internet Protocol 16 8

6/29/2011 How about the Real World? User trust Users Transparency Trust Incentives Control Management Provider Policy Privacy Relationships and Economics Network Operations Forwarding Verifiable Trust Actions Policy Core Control Network Points 17 Outline • Background • The eXpressive Internet Architecture – a proposal Th X i I t t A hit t l – Example and concepts – Research thrusts • XIA building blocks: – AIP – Tapa 18 9

6/29/2011 Developing XIA v0.1 • Principles do not make a network! • Meet the core XIA team: Meet the core XIA team: Fahad Dongsu Hyeontaek Ashok Dogar Han Lim Anand Five happy professors cheering: Michel Boyan Wenfei John Byers, Aditya Akella, Dave Anderson, Machadoy Li Wu Srini Seshan, Peter Steenkiste • Next: quick look at multiple principals, intrinsic security, and evolvability 19 Multiple Principal Types • Hosts XIDs support host ‐ based communication similar to IP – who? • Service XIDs allow the network to route to possibly replicated services – what does it do? – LAN services access, WAN replication, … • Content XIDs allow network to retrieve content from “anywhere” – what is it? – Opportunistic caches, CDNs, … • Autonomous domains allow scoping, hierarchy • What are conditions for adding principal types? 20 10

6/29/2011 Multiple Principal Types Choice involves tradeoffs: Host Host Host • Control • Trust HID HID HID SID SID • Efficiency y Service • Privacy y Content Content CID CID SID CID Content CID Content Content CID CID CID CID Service Service SID SID Content CID CID Content Content 21 CID CID Intrinsic Security in XIA • XIA uses self ‐ certifying identifiers that guarantee security properties for communication operation y p p p – Host ID is a hash of its public key – accountability (AIP) – Content ID is a hash of the content – correctness – Does not rely on external configurations • Intrinsic security is specific to the principal type • Example: retrieve content using … Example: retrieve content using … – Content XID: content is correct – Service XID: the right service provided content – Host XID: content was delivered from right host 22 11